Information Security Compliance Analyst
PROFILE
We are looking for an Information Security Compliance Analyst to join our Firm!
This role will be responsible for assessing and managing client contractual and Outside Counsel Guideline (OCG) requirements for information security, leading the firm’s responses to client security assessments, and organizing third-party and internal security audits. The Compliance Analyst will work closely with the firm’s Information Security Coordinator to prepare for and manage the firm’s annual ISO 27001 audits.
The Information Security Compliance Analyst will manage the firm’s obligations under the Controlled Goods Program (CGP) as the Designated Official (DO) and oversee compliance with Canada’s Contract Security Program (CSP) while serving as the Company Security Officer (CSO).
This position can be based in any of our Canadian offices! This is a primarily remote role with in-office attendance as required.
RESPONSIBILITIES
Client & Contractual Compliance
- Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
- Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
- Track compliance obligations and provide clear reporting to firm leadership and practice groups.
- Collaborate with IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).
ISO 27001 Compliance & Audits
- Organize and manage third-party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
- Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
- Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.
Controlled Goods Program (CGP) & Contract Security Program (CSP)
- Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
- Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
- Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
- Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.
- Develop, implement, and maintain procedures and training programs that support compliance with client and regulatory security requirements.
- Conduct regular risk assessments and internal reviews to identify compliance gaps and oversee corrective actions.
- Provide ongoing compliance training and awareness for lawyers, staff, and management.
- Maintain comprehensive documentation and evidence of compliance activities.
- Bachelor’s degree in information security, Business Administration, or a related field.
- 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred).
- Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management.
- ISO/IEC 27001:2022 Lead Auditor or Lead Implementer.
- Completion of the Controlled Goods Program Designated Official Certification Program, or ability to complete upon appointment.
- Completion of Contract Security Program Company Security Officer training, or ability to complete upon appointment.
- The following certifications would be considered an asset: CISA, ISC2 CGRC, CRISC, CIPP/C, CIPM, Security+, NIST Cybersecurity Framework training, or equivalent GRC/audit/compliance credentials.
- Familiarity with Canadian security programs: Controlled Goods Program (CGP) and Contract Security Program (CSP).
- Experience serving as, or supporting, a Designated Official (DO) and/or Company Security Officer (CSO) is an asset.
- Strong understanding of client-facing compliance processes (e.g., OCGs, security questionnaires, vendor due diligence).
- Excellent organizational, communication, and problem-solving skills.
- Proven ability to handle sensitive…